Merge pull request #531 from Danil-Grigorev/ha-proxy-healthcheck-200

🐛 Use 200 as an expected response from kube-api in haproxy

examples/docker/air-gapped/rke2-sample.yaml

@@ -48,6 +48,9 @@ spec:
     airGapped: true
   serverConfig:
     cni: calico
+    kubeAPIServer:
+      extraArgs:
+      - --anonymous-auth=true
   kubeProxy:
     extraEnv:
       hello: world
@@ -163,8 +166,7 @@ data:
 
     backend kube-apiservers
       option httpchk GET /healthz
-      http-check expect status 401
-      # TODO: we should be verifying (!)
+
       {{range $server, $address := .BackendServers}}
       server {{ $server }} {{ JoinHostPort $address $.BackendControlPlanePort }} check check-ssl verify none resolvers docker resolve-prefer {{ if $.IPv6 -}} ipv6 {{- else -}} ipv4 {{- end }}
       {{- end}}

examples/docker/cis-profile/rke2-sample.yaml

@@ -44,6 +44,10 @@ metadata:
 spec: 
   replicas: ${CABPR_CP_REPLICAS}
   version: ${KUBERNETES_VERSION}+rke2r1
+  serverConfig:
+    kubeAPIServer:
+      extraArgs:
+      - --anonymous-auth=true
   agentConfig:
     cisProfile: ${CIS_PROFILE}
   infrastructureRef:
@@ -153,8 +157,7 @@ data:
 
     backend kube-apiservers
       option httpchk GET /healthz
-      http-check expect status 401
-      # TODO: we should be verifying (!)
+
       {{range $server, $address := .BackendServers}}
       server {{ $server }} {{ JoinHostPort $address $.BackendControlPlanePort }} check check-ssl verify none resolvers docker resolve-prefer {{ if $.IPv6 -}} ipv6 {{- else -}} ipv4 {{- end }}
       {{- end}}

examples/docker/clusterclass/clusterclass-quick-start.yaml

@@ -108,8 +108,7 @@ data:
 
     backend kube-apiservers
       option httpchk GET /healthz
-      http-check expect status 401
-      # TODO: we should be verifying (!)
+
       {{range $server, $address := .BackendServers}}
       server {{ $server }} {{ JoinHostPort $address $.BackendControlPlanePort }} check check-ssl verify none resolvers docker resolve-prefer {{ if $.IPv6 -}} ipv6 {{- else -}} ipv4 {{- end }}
       {{- end}}
@@ -156,6 +155,9 @@ spec:
         name: rke2-class-control-plane
       serverConfig:
         cni: calico
+        kubeAPIServer:
+          extraArgs:
+          - --anonymous-auth=true
         disableComponents:
           kubernetesComponents: [ "cloudController"]
       nodeDrainTimeout: 2m

examples/docker/disable-components/rke2-sample.yaml

@@ -50,6 +50,9 @@ spec:
     kind: DockerMachineTemplate
     name: controlplane
   serverConfig:
+    kubeAPIServer:
+      extraArgs:
+      - --anonymous-auth=true
    disableComponents:
       pluginComponents:
       - "rke2-ingress-nginx"
@@ -155,8 +158,7 @@ data:
 
     backend kube-apiservers
       option httpchk GET /healthz
-      http-check expect status 401
-      # TODO: we should be verifying (!)
+
       {{range $server, $address := .BackendServers}}
       server {{ $server }} {{ JoinHostPort $address $.BackendControlPlanePort }} check check-ssl verify none resolvers docker resolve-prefer {{ if $.IPv6 -}} ipv6 {{- else -}} ipv4 {{- end }}
       {{- end}}

examples/docker/enable-multus/rke2-sample.yaml

@@ -48,6 +48,9 @@ spec:
   serverConfig:
     cniMultusEnable: true
     cni: calico
+    kubeAPIServer:
+      extraArgs:
+      - --anonymous-auth=true
   infrastructureRef:
     apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     kind: DockerMachineTemplate
@@ -154,8 +157,7 @@ data:
 
     backend kube-apiservers
       option httpchk GET /healthz
-      http-check expect status 401
-      # TODO: we should be verifying (!)
+
       {{range $server, $address := .BackendServers}}
       server {{ $server }} {{ JoinHostPort $address $.BackendControlPlanePort }} check check-ssl verify none resolvers docker resolve-prefer {{ if $.IPv6 -}} ipv6 {{- else -}} ipv4 {{- end }}
       {{- end}}

examples/docker/kube-vip/rke2-sample.yaml

@@ -149,6 +149,10 @@ spec:
   template:
     spec:
       agentConfig: {}
+      serverConfig:
+        kubeAPIServer:
+          extraArgs:
+          - --anonymous-auth=true
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -195,8 +199,7 @@ data:
 
     backend kube-apiservers
       option httpchk GET /healthz
-      http-check expect status 401
-      # TODO: we should be verifying (!)
+
       {{range $server, $address := .BackendServers}}
       server {{ $server }} {{ JoinHostPort $address $.BackendControlPlanePort }} check check-ssl verify none resolvers docker resolve-prefer {{ if $.IPv6 -}} ipv6 {{- else -}} ipv4 {{- end }}
       {{- end}}

examples/docker/online-default/cluster-template.yaml

@@ -54,6 +54,9 @@ spec:
     disableComponents:
       kubernetesComponents:
       - cloudController
+    kubeAPIServer:
+      extraArgs:
+      - --anonymous-auth=true
   infrastructureRef:
     apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     kind: DockerMachineTemplate
@@ -164,8 +167,7 @@ data:
 
     backend kube-apiservers
       option httpchk GET /healthz
-      http-check expect status 401
-      # TODO: we should be verifying (!)
+
       {{range $server, $address := .BackendServers}}
       server {{ $server }} {{ JoinHostPort $address $.BackendControlPlanePort }} check check-ssl verify none resolvers docker resolve-prefer {{ if $.IPv6 -}} ipv6 {{- else -}} ipv4 {{- end }}
       {{- end}}

test/e2e/data/infrastructure/cluster-template-docker-updated.yaml

@@ -39,8 +39,7 @@ data:
 
     backend kube-apiservers
       option httpchk GET /healthz
-      http-check expect status 401
-      # TODO: we should be verifying (!)
+
       {{range $server, $address := .BackendServers}}
       server {{ $server }} {{ JoinHostPort $address $.BackendControlPlanePort }} check check-ssl verify none resolvers docker resolve-prefer {{ if $.IPv6 -}} ipv6 {{- else -}} ipv4 {{- end }}
       {{- end}}
@@ -111,6 +110,9 @@ spec:
     disableComponents:
       kubernetesComponents:
       - cloudController
+    kubeAPIServer:
+      extraArgs:
+      - --anonymous-auth=true
   infrastructureRef:
     apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     kind: DockerMachineTemplate

test/e2e/data/infrastructure/cluster-template-docker.yaml

@@ -39,8 +39,7 @@ data:
 
     backend kube-apiservers
       option httpchk GET /healthz
-      http-check expect status 401
-      # TODO: we should be verifying (!)
+
       {{range $server, $address := .BackendServers}}
       server {{ $server }} {{ JoinHostPort $address $.BackendControlPlanePort }} check check-ssl verify none resolvers docker resolve-prefer {{ if $.IPv6 -}} ipv6 {{- else -}} ipv4 {{- end }}
       {{- end}}
@@ -112,6 +111,9 @@ spec:
     disableComponents:
       kubernetesComponents:
       - cloudController
+    kubeAPIServer:
+      extraArgs:
+      - --anonymous-auth=true
   infrastructureRef:
     apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     kind: DockerMachineTemplate

test/e2e/data/infrastructure/clusterclass-template-docker.yaml

@@ -109,8 +109,7 @@ data:
 
     backend kube-apiservers
       option httpchk GET /healthz
-      http-check expect status 401
-      # TODO: we should be verifying (!)
+
       {{range $server, $address := .BackendServers}}
       server {{ $server }} {{ JoinHostPort $address $.BackendControlPlanePort }} check check-ssl verify none resolvers docker resolve-prefer {{ if $.IPv6 -}} ipv6 {{- else -}} ipv4 {{- end }}
       {{- end}}
@@ -161,6 +160,9 @@ spec:
         cni: calico
         disableComponents:
           kubernetesComponents: [ "cloudController"]
+        kubeAPIServer:
+          extraArgs:
+          - --anonymous-auth=true
       rolloutStrategy:
         type: "RollingUpdate"
         rollingUpdate: